chaospatterns
@chaospatterns@lemmy.world
- Comment on Anubis is awesome and I want to talk aout it 5 days ago:
If the app is just a WebView wrapper around the application, then the challenge page would load and try to be evaluated.
If it’s a native Android/iOS app, then it probably wouldn’t work because the app would try to make HTTP API calls and get back something unexpected.
- Comment on How does "DNS" work on the dark web? 5 days ago:
On Tor dark web domains, you use the .onion domain. Tor is configured as a SOCKS proxy, so it doesn’t perform a DNS query. Instead, Tor itself sees you’re trying to connect to an onion domain name. Then it takes the URL and translates that into a public key that it knows how to find in its own hidden service directory.
Only the actual hidden service has a valid private key corresponding to that public key in the URL so cryptography (and the assumption that quantum computers don’t exist) ensures you’re talking to the right server.
Tl;dr effectively no DNS for onion hidden services
- Comment on DFRobot router board with a CM4 1 week ago:
Unless you’re running VLANs, in which case the inter VLAN is normally handled by the router.
- Comment on It's your fault my laptop knows where I am 2 weeks ago:
Every WiFi router and network has something called an SSID and a BSSID. The SSID is the friendly name that you use to show off your puns to your neighbors. The BSSID is a 6 byte MAC address. All devices use the BSSID when connecting and communicating.
With a non hidden SSID, your router broadcasts the SSID and BSSID.
The BSSID is actually is static and doesn’t change and it’s what is actually used for geo location.
When it’s hidden, it doesn’t send the SSID out, but sends out packets with the BSSID. Clients then scream out to the void “anybody know the SSID ‘My Secret SSID??’” Then it’ll respond.
So basically hidden networks still send out the unique identifying address and then when you take your phone with you, you’re just telling everybody what your home WiFi is called.
Hidden SSIDs are not that useful.
- Comment on PSA syncthing-fork has changed owners 2 weeks ago:
According to this post, it was partly that and lack of maintainers. Given there’s maintainers for a fork, I’m curious why they didn’t bring them into the main project.
Reason is a combination of Google making Play publishing something between hard and impossible and no active maintenance. The app saw no significant development for a long time and without Play releases I do no longer see enough benefit and/or have enough motivation to keep up the ongoing maintenance an app requires even without doing much, if any, changes.
- Comment on PSA syncthing-fork has changed owners 2 weeks ago:
We’re sort of in this situation because the official project decided not to continue providing an official Android app, yet people want to use it on Android forcing unofficial versions to be created and maintained.
I get that they don’t want to deal with Google Play anymore, but somebody has to deal with it and them not owning the app is putting users at risk.
- Comment on Google flags Immich sites as dangerous 5 weeks ago:
How would that work? The use case is for previews for pull requests. Somebody submits a change to the website. This creates a preview domain that reviewers and authors can see their proposed changes in a clean environment.
CloudFlare pages gives this behavior out of the box.
- Comment on Google flags Immich sites as dangerous 5 weeks ago:
It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.
If you don’t have them on the open web, developers can’t see the previews.
The issue they had was being marked as phishing, not the SSL certificate warning page.
- Comment on Why do so many put their resources in AWS us-east-1 when that's the only one (that I'm aware of) that has ever gone done? 1 month ago:
Some people are asking why other regions seem to be affected when us-east-1 goes down. Why aren’t they separated out? I used to work in AWS, but will speak generally.
First, it’s important to understand the concept of a control plane vs a data plane. Amazon and other big scale companies often talk in terms of control plane/data plane separation because those two concepts have wildly different scale and requirements.
A control plane is the side of your service that handles the administrative functions of a service. For example, AWS S3 service would separate out bucket creation and deletion work from the file create/edit. In Route 53, this would be creating and editing zones. In IAM, it’s the creation of AWS access keys for IAM users. IAM Roles, IIRC, work differently and can function more in the data plane.
A data plane is the side of the service that handles the main meat and potatoes of a service. For example, AWS S3 any object key creates, edits, deletes would all be part of the data plane. In Route 53, these would be any DNS call. I don’t know if updating a record was considered a data plane call or not.
These are separated out because data plane generally massively dwarf the number of calls for administrative APIs. It’s also done because control plane calls often times have some extra complexities. Like in Route 53, to create a zone means you need to go find n different name servers that can handle a given domain name without overlapping with another customer, you need to tell them that they should now handle calls, you need to get the records to those servers running all over the world.
The fact is Route 53 is globally replicated and they need to have a source of truth and engineering culture pushes Amazon towards a pull based approach. If a user creates a zone in eu-west-1, they still expect it to be on servers all over the world, so how do you get it there? Well, AWS takes the approach that certain services can have a single region dependency for their control plane in the case that it’s infeasible technically or to the business to avoid one, however the data plane of the service can’t have that dependency.
- Comment on Why do so many put their resources in AWS us-east-1 when that's the only one (that I'm aware of) that has ever gone done? 1 month ago:
N. California as a region can’t grow and it’s priced accordingly. Instead, compare US East (Ohio) or US West (Oregon) for a region that’s price competitive. A lot of Amazon internal stuff was starting to move to US East (Ohio) because it was geographically close, but a lot less problematic.
- Comment on Open-WebUI v0.6.29 release 2 months ago:
A newer release, v0.6.30 is already released to fix an issue with OneDrive integration.
Looks like they finally finally made their slim image tag smaller than the main image:
ghcr.io/open-webui/open-webui:v0.6.30-slim 7c61b17433e8 46 hours ago 4.3GB ghcr.io/open-webui/open-webui:v0.6.30 c1ac444c0471 46 hours ago 4.82GB
Though only saving .5GB of space is not very slim. I use OpenWebUI in my home lab, but this issue just made me question the quality of the project a tiny bit.
- Comment on 2 months ago:
Depends on the watermark method used. Some people talk about watermarking by subtly adjusting the words used. Like if there’s 5 synonyms and you pick the 1st synonym, next word you pick the 3rd synonym. To check the watermark you have to access to the model and probabilities to see if it matches that. The tricky part about this is that the model can change and so can the probabilities and other things I don’t fully understand.
- Comment on Need some help with networking - tailscale, gluetun etc 2 months ago:
How do you expect the packets to actually route? If you run Tailscale and your VPN on your phone, they might fight with each other for control of the routing table.
If you’re trying to use Tailscale exit note to then route through Tailscale to one node running gluetun to Mullvad. That’s going to be complex because against they both want to mess with the routing table.
Tailscale natively supports Mullvad: tailscale.com/mullvad
- Comment on Need some help with networking - tailscale, gluetun etc 2 months ago:
Okay it was a little hard to read since your post was missing formatting. TS_SUBNETS is what controls what CIDRs are announced through Tailscale. Since you’re not using Docker networking for Jellyfin, it would be whatever subnet the host is on. Maybe it’s 192.168.x.y
- Comment on Need some help with networking - tailscale, gluetun etc 2 months ago:
Gluetun doesn’t make any sense here. You’re forcing all the traffic for from Jellyfin to go through Mullvad, but you need to be able to connect to Jellyfin because Jellyfin is a service you connect to.
Since your Tailscale is host network mounted, you’ll be able to expose your Docker network subnets over Tailscale then access Jellyfin.
You probably intend to gluetun your downloading software, not Jellyfin.
- Comment on Google gets to keep Chrome, judge rules in search antitrust case 2 months ago:
Was that anything more than just rumors? Letting a currently monopolistic company keep the browser because another bad billionaire might buy it and do something bad with it just prevents anything from changing.
- Comment on 1U mini PC for AI? 2 months ago:
Your options are to run smaller models or wait. llama3.2:3b fits on my 1080 Ti VRAM and is sufficiently fast. Bigger models will get split between VRAM and RAM and run slower but it’ll work.
Not all models are Gen AI style LLMs. I run GPU based speech to text models on my GPU too for my smart home.
- Comment on Google will require developer verification for Android apps outside the Play Store 3 months ago:
Who organized this form? Is there something official to make it look like it’s not just signing me up for spam?
- Comment on 👁️🐽👁️ 3 months ago:
That’s also why certain contact lenses can’t be worn overnight or for long periods of time because they aren’t as breathable. At least that’s what my eye doctor said when I got them.
- Comment on Help setting up a selfhosted VPN at home 3 months ago:
I use a variant of this: github.com/linuxserver/docker-wireguard
You don’t need two different containers for this. They’re going to either fight each other for control over the networking tables or run wireguard in wireguard
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 3 months ago:
So I had a chance to try this out. It wasn’t on Google Play Store, only F-Droid. There isn’t really SSO support, you either login with User/Password or a token. Instead, I login with my browser, get the token and paste it in. That works fine, but an ideal world is just pop up an browser WebView and go through the flow, then grab the token. Maybe it was intentional, but PaperlessShare registered as an Open handler for PDFs and the share menu, whereas this is only share menu.
Overall, it does the job and gets my docs uploaded.
- Comment on Study: Social media probably can’t be fixed 3 months ago:
My prediction is that manually reviewing user creation won’t scale to a high level and unless systems develop spam detection and reputation management similar to email then it’s not going to be limited to just one or two bad instances.
Its trivial to create my own instance with a new domain and there’s no limitations against sending ActivityPub messages to a server. Unfortunately the simplest fix is for big instances to restrict what instances can communicate to it, but that causes centralization.
Plus, we don’t need to be huge. There’s no benefit from it.
The benefit is breadth and depth of communities. Reddit is great because if you are interested, there’s a bunch of people talking about it.
- Comment on Systemd Service Hardening 3 months ago:
How hard would it be to contribute these improvements back to the project in the form of either distro package updates or documentation changes? Did you consider that?
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 3 months ago:
Can you expand on the OIDC/OpenID support? Does it support SSO based authentication to Paperless?
- Comment on Leaving GitHub. Music server alternatives? 3 months ago:
I respect your strong ethics and sticking to them, but saying they people support genocide for using software hosted on GitHub is an extreme position.
Do you drive a car or fly a plane? Then you must have no red lines against climate change.
- Comment on Self-hosted blog - do I need a static IP address? 3 months ago:
- Comment on Itch.io has begun restoring NSFW content, but only if it’s free 3 months ago:
The problem is the payment processor. There’s only so many of them that customers actually choose to use.
- Comment on Mastercard release a statement about game stores, payment processors and adult content 3 months ago:
buy a stock through a company like Fidelity where is the stock actually held and that was layers of public/private companies/corporations
- Comment on OpenAI’s Sam Altman warns of AI voice fraud crisis in banking 4 months ago:
How about some Yubikeys or smart cards instead of something that requires me to scan my retina and share it with Sam Altman
- Comment on I'm setting up a Windows 11 laptop for my uncle. Is there a sneaky way to make it block right-wing bullshit websites? 4 months ago:
If you alter it to 0.0.0.0 then it shouldn’t pop an SSL error, it would be a connection failed error.